ZHANG Yuling, YIN Chuanhuan. Android malware outlier detection based on feature frequency[J]. CAAI Transactions on Intelligent Systems, 2018, 13(02): 168-173. [doi:10.11992/tis.201609016]

Android malware outlier detection based on feature frequency

CAAI Transactions on Intelligent Systems [ISSN: 1673-4785 / CN: 23-1538/TP]

Volume:
Vol. 13
Issue:
2018, No. 02
Pages:
168-173
Publication date:
2018-04-15

Article Info

Title:
Android malware outlier detection based on feature frequency
Author(s):
ZHANG Yuling, YIN Chuanhuan
School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China
Keywords:
Android system; malware; data mining; anomaly detection; SVDD; implicit characteristics; one-class classifier; feature frequency
CLC number:
TP391
DOI:
10.11992/tis.201609016
Abstract:
Thanks to its open-source nature and portability, Android has become the mobile operating system with the largest market share. Attacks against Android keep emerging, and Android malware detection has become an important part of mobile security in recent years. Two practical problems are that malware samples are hard to collect and that the numbers of abnormal and normal samples are imbalanced. To address these problems, the Droid-Saf framework is proposed. The framework introduces a data-processing scheme that mines the implicit features of the data: the hidden information contained in the sample features is treated as a new feature, and during modeling the sample features are integrated into the algorithm to build dynamic slack variables. APKs are decompiled by static analysis and classified with an improved SVDD one-class classifier, which overcomes the difficulty of collecting abnormal (malicious) samples for a malware detection system and lowers both the false-negative rate and the false-positive rate of the anomaly detection. Experimental results verify the effectiveness and applicability of the algorithm.


Memo:
Received: 2016-09-14.
Funding: National Natural Science Foundation of China (61105056).
About the authors: ZHANG Yuling, female, born 1990, master's student; main research interest: machine learning. YIN Chuanhuan, male, born 1976, associate professor; main research interests: network security (intrusion detection), data mining, and machine learning (support vector machines).
Corresponding author: YIN Chuanhuan. E-mail: chhyin@bjtu.edu.cn.